Update: After this story and others went live April 1, Zoom CEO Eric Yuan addressed Zoom security and other issues in a blog post. Part of the blog post detailed a bug fix to be released, which would fix the UNC vulnerability described in our original story, among other things. The fix appears to be pushing out automatically to users. PCWorld staff who’ve already received the fix report the version number as 4.6.9 (19253.0401).
An unpatched vulnerability within Zoom allows an attacker to drop a malicious link into a chat window and use it to steal a Windows password, according to reports.